Forum Discussion
jim_piggrem_436
Nimbostratus
NimbostratusHTTP to HTTPS with sharepoint 2013
Recently built up a sharepoint 2013 server and put it behind F5 using SSL offloading. Certain content is show up as "mixed" content and that wont be good for our end users. So I am looking to do a Irule to change any outbound link from HTTP to HTTPS can someone write that up for me? Or should I try to use Stream? would that be more efficient?
kridsanaCirrocumulus
Is this normally behavior?
If Sharepoint usually serve content in HTTP protocol (ie http://www.sharepoint.com/logo.png). It will be show mixed content.
Can you look into this about aam?
https://devcentral.f5.com/questions/f5-ssl-offload-and-sharepoint-aams
PS.
Steam may be a last choice because i try it before and it solved mixed content issue but some menu (aspx script) doesn't working.
and I also not change AAM too (Due to lacking knowledge). So we change SSL offload into SSL Bridging and everything is working fine.
jim_piggrem_436Well yea we have setup the alternate access mappings to point to like this
http://dev.audittracker.com Default http://dev.audittracker.com https://dev.audittracker.com Internet https://dev.audittracker.com
I have never setup SSL Bridging, would that mean we put sharepoint on https and just give a local cert?
- kridsanaYes , we let's F5 decrypt packet first (to do some change via irule) and re-encrypt before send to sharepoint in HTTPS. and we don't have problem with SSL mixed content due to sharepoint serve content in HTTPS protocol.
- jim_piggrem_436
OK we just fixed it still using SSL offloading. Had to do with the alternate acess mappings, the default alternate access mapping had to be switch to HTTPS. That fixed the Iframe items pushing them back to https.
- kridsana
So AAM of sharepoint will be like this?
http://dev.audittracker.com Default https://dev.audittracker.com
https://dev.audittracker.com Internet https://dev.audittracker.com
- jim_piggrem_436
exactly that was needed to push back the https in the IFrames. I also created a new AAM to point to the server name on HTTP and extended the website to that so that Users (only like 2 of them) could get to it on the server.
After pouring over tons of articles on alternate access mapping the above was the way to do it. Microsoft really needs to put more importance on AAM training for network admins. I like how they did AAM because it gives you a lot of alternatives on how your site is presented even on different DNS entries. But anyone trying to use them needs to understand fully of what is happening or not happening.